From Wanos Wiki


Document migrated to Tunnel Mode on the documentation site.


Tunnel Mode – Out of Path

Wanos supports bridge mode by default. It is the recommended design because of its simplicity, and various high availability options are possible. Use bridge mode where possible.

In some cases it might not be possible to place a simple bridge appliance in-line (in-path). In this scenario Wanos can be deployed out of path by configuring the WAN optimizer in tunnel mode. This mode needs to be configured manually.


Tunnel mode requirements

  • All peers must be in tunnel mode.
  • A single wan0 IP address.
  • A single wan0 MAC address.
  • Firewalls need to permit UDP port 4050.
  • Firewalls need to permit IPComp for PLR functionality.
  • Static remote peer IP addresses configured in MultiSite.
  • Promiscuous mode or MAC spoofing is not required.
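
A firewall between the appliance and its peers can scope the two firewall requirements above (UDP 4050 and IPComp) to the static peer addresses instead of opening them to any source. The script below is an added example, not Wanos code or documentation: it assumes a Linux nftables firewall on the path and that tunnel packets carry destination port 4050 in both directions, and it uses a hypothetical table name and constructed RFC 5737 addresses.

```shell
#!/bin/sh
# Added example (not from Wanos): print an nftables ruleset that permits tunnel
# traffic only between the wan0 address and the static MultiSite peers.
# Assumptions: nftables firewall on the path; UDP destination port 4050 in
# both directions; table name "wanos_tunnel" is hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_tunnel_rules WAN0_IP PEER_IP...
# Prints the ruleset on stdout; returns 2 without output on invalid input.
gen_tunnel_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_tunnel_rules WAN0_IP PEER_IP..." >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    done
    local_ip=$1; shift
    peers=$(printf '%s, ' "$@"); peers=${peers%, }
    cat <<EOF
table inet wanos_tunnel {
    set peers {
        type ipv4_addr
        elements = { $peers }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # UDP encapsulation, only between wan0 and the configured peers
        ip saddr $local_ip ip daddr @peers udp dport 4050 accept
        ip saddr @peers ip daddr $local_ip udp dport 4050 accept
        # IPComp is IP protocol 108; required for PLR
        ip saddr $local_ip ip daddr @peers ip protocol 108 accept
        ip saddr @peers ip daddr $local_ip ip protocol 108 accept
        # Tunnel traffic to or from any other address is dropped
        udp dport 4050 drop
        ip protocol 108 drop
    }
}
EOF
}
```

For example, `gen_tunnel_rules 192.0.2.10 198.51.100.20 203.0.113.30` (constructed addresses) prints a ruleset that can be reviewed and then loaded with `nft -f`.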

How it works:


  • Tunnel mode uses only the physical wan0 interface. Disconnect lan0 if it exists.
  • The wan0 gateway should be the WAN router.
  • The wan0 IP address is a gateway address for LAN devices.
  • Workstations or servers are configured with the wan0 address as their gateway address.
  • Layer-3 switches can also be used to route traffic to the Wanos gateway.
  • Traffic sent to Wanos will be validated for optimization.
  • Optimized traffic will be encapsulated and tunneled to the remote destination peer.
  • The traffic will be sent to the peer that matches the destination subnets in the MultiSite configuration.
  • Once the traffic is received by the remote peer it will be decapsulated, de-optimized and forwarded to the default gateway.
  • Traffic from the remote side needs to follow the same sequence.

Configuration:

  1. Set the remote subnets and remote peer IP in the MultiSite configuration.
  2. In Network settings select deployment mode: Tunnel
  3. Select UDP encapsulation.

Apply the changes to enable tunnel mode.

Caveats:

Only optimized traffic is currently tunneled. Hence tunnel mode is not a VPN replacement.